Splunk Search

Extracting the end of a URL

jravida
Communicator

Hi folks,

I was wondering if there is a quick way to extract the end of a URL (within the URI portion) and put it in a field.

www.example.com/2014/05/15/world/africa/sudan-christian-woman-apostasy/index.html
www.example.com/test/sudan-christian-woman-apostasy/test.zip

So I would only want index.html and test.zip to show up in a new field.

Hope this is easy to do, it probably is.

Tags (1)
0 Karma
1 Solution

linu1988
Champion

Try this

| rex field=fiels_name "\/(?<File>\\w+\\.\\w+)"

Thanks

View solution in original post

linu1988
Champion

Try this

| rex field=fiels_name "\/(?<File>\\w+\\.\\w+)"

Thanks

jravida
Communicator

This works perfect. Thanks for taking the time!

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...